How a Security Obsession Made CoreOS a Linux Container Player

Plenty of companies are working toward bringing hyperscale infrastructure to everyday enterprises. But CoreOS has a cute acronym for it: Gifee.

It means “Google infrastructure for everyone else,” and it’s part of a deeper mission that led to CoreOS’s founding in the first place. Amid the explosion of Docker and Linux containers, and CoreOS’s own entry called rkt, it’s easy to think of CoreOS as just part of the container gold rush. But CEO Alex Polvi says CoreOS was created with a bigger mission: securing the entire Internet.

Polvi, speaking to SDxCentral after his talk at Container World on Thursday, explains it like this: Ninety percent of security woes come from software that needed updating — code that’s missing a crucial patch, for instance. That’s the real problem CoreOS wants to fix.

To do that, CoreOS had to strike at the reason upgrades don’t happen: fragile infrastructure. Large data centers are rife with points of failure, Polvi says. If everything is going well, operators are skittish about upgrading software; they can’t risk crashing the data center due to a bad upgrade.

The key to getting around that is Gifee. (CoreOS spells it in all-caps — GIFEE — but our humane editorial style is to de-capitalize any pronounceable acronym with five or more letters.)

Google’s innovation was to turn the entire data center into one big computer — a big distributed computer. If one segment of it goes down, another can take its place.

This curbs upgrade phobia, because in a distributed environment, an operator can try out the upgrade on, say, 10 percent of the data center. If something goes south, the operator can roll back that code upgrade (rollbacks being another Gifee element, provided via Git repositories). Any disrupted jobs can be shifted to the unaffected 90 percent of the data center.
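The "upgrade 10 percent, watch, then roll back or continue" pattern Polvi describes is what a Kubernetes rolling update does for workloads. The manifest below is an added illustration, not code from the article or from CoreOS; it uses the current apps/v1 Deployment API (which postdates the article) and made-up names and image tags.

```yaml
# Added illustration (not from the article or from CoreOS): a Kubernetes
# Deployment that upgrades in place one slice at a time, so a bad build can
# be rolled back before it reaches the whole fleet. Names, image and port
# are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api                      # hypothetical workload name
spec:
  replicas: 10
  selector:
    matchLabels:
      app: api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%        # at most one of ten pods is down at any moment
      maxSurge: 10%              # at most one extra pod is started during the roll
  minReadySeconds: 30            # a new pod must stay Ready this long before it counts
  progressDeadlineSeconds: 600   # flag the rollout as failed if it stalls this long
  revisionHistoryLimit: 5        # keep old ReplicaSets so "rollout undo" has a target
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: api
        image: registry.example.com/api:2.0.1   # hypothetical patched image
        ports:
        - containerPort: 8080
        readinessProbe:          # a pod that never becomes Ready never takes
          httpGet:               # traffic, so a broken build stalls the roll
            path: /healthz       # instead of spreading to the other 90 percent
            port: 8080
          periodSeconds: 5
```

Apply it with `kubectl apply -f`, watch the slice-by-slice replacement with `kubectl rollout status deployment/api`, and revert to the previous ReplicaSet with `kubectl rollout undo deployment/api`. The caveat a practitioner should keep in mind: the gating only works as well as the readiness probe. A regression that still answers `/healthz` with 200 rolls out unimpeded, so the probe (or an external check driving the rollout) has to exercise what actually matters. This manifest covers only the workload; the operating system under the nodes (CoreOS kept two system partitions and booted back to the old one if a new image failed) updates on its own track.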

If Gifee catches on, the long-term implications could be huge, Polvi says. “What, if anybody, could stamp out a Google? Google’s infrastructure is what enabled Google to create search and to create Chrome. If that isn’t a proprietary advantage, what happens next?”

Being Contained

CoreOS has certainly been helped by the rise of containers. Founded at around the same time as Docker Inc., CoreOS got publicity from being lumped into that container ecosystem — although CoreOS found Docker containers lacking, for its purposes, and went on to create a different container architecture under the rkt runtime, which just reached its 1.0 release.

“Docker turned out to be implemented in a very poor way, and that’s why we invented rkt,” Polvi says.

CoreOS benefited from surrounding technologies, but the reverse is true as well. Google's Kubernetes project relies heavily on etcd, the distributed key-value store developed by CoreOS to hold cluster state. And, to complete the circle, CoreOS decided to abandon its own container orchestrator, called fleet, in favor of using Kubernetes.

Docker, though, was key to CoreOS’s infancy, because the sudden rise of Docker containers has helped set the stage for major infrastructure transformations. That, in turn, opens enterprises’ minds to the ideas behind Gifee.

It’s not just Google envy. Enterprises are encountering problems similar to those that caused Google to build its own infrastructure.

“Every industry is seeing an explosion in digital right now,” says Polvi. “Whether it’s an insurance company or a bank or a company making heavy equipment — companies have to become service providers in some form.”

Security is still the reason CoreOS cares about Gifee. Polvi says the company hasn’t deviated from that target. But Gifee theoretically brings other benefits, such as more efficient operations and a cloudlike structure that would give an enterprise consistent environments between its own data centers and public clouds.

As for what his company actually sells, Polvi says it follows a classic open source philosophy: Give away the difficult stuff that’s common to all implementations — the plumbing — and find a subsegment that’s worth owning, in a business sense. In addition to a container registry called Quay, CoreOS is offering Tectonic, which combines the CoreOS operating system with a Kubernetes scheduler.

But CoreOS’s work still goes back to that idea of better security, even if it’s fueled by the container buzz. “We’re fortunate we ended up in the middle of this,” Polvi says.

“Our goal is not to own all the pieces. Our goal is to help our own company secure the Internet. We’ve stuck very much to our guns on this, from the very beginning.”

Craig Matsumoto is managing editor at SDxCentral.com, responsible for the site's content and for covering news. He is a "veteran" of the SDN scene, having started covering it way back in 2010, and his background in technology journalism goes back to 1994. Craig is based in Silicon Valley. He can be reached at craig@sdxcentral.com.
